<?php
/**
 * Smarty plugin
 *
 * @package    Smarty
 * @subpackage PluginsModifier
 */
/**
 * Smarty escape modifier plugin
 * Type:     modifier
 * Name:     escape
 * Purpose:  escape string for output
 *
 * @link   http://www.smarty.net/docs/en/language.modifier.escape
 * @author Monte Ohrt <monte at ohrt dot com>
 *
 * @param string  $string        input string
 * @param string  $esc_type      escape type
 * @param string  $char_set      character set, used for htmlspecialchars() or htmlentities()
 * @param boolean $double_encode encode already encoded entitites again, used for htmlspecialchars() or htmlentities()
 *
 * @return string escaped input string
 */
function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $double_encode = true)
{
    static $_double_encode = null;
    static $is_loaded_1 = false;
    static $is_loaded_2 = false;
    if ($_double_encode === null) {
        $_double_encode = version_compare(PHP_VERSION, '5.2.3', '>=');
    }
    if (!$char_set) {
        $char_set = Smarty::$_CHARSET;
    }
    switch ($esc_type) {
    case 'html':
        if ($_double_encode) {
            // php >=5.3.2 - go native
            return htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode);
        } else {
            if ($double_encode) {
                // php <5.2.3 - only handle double encoding
                return htmlspecialchars($string, ENT_QUOTES, $char_set);
            } else {
                // php <5.2.3 - prevent double encoding
                $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string);
                $string = htmlspecialchars($string, ENT_QUOTES, $char_set);
                $string = str_replace(
                    array(
                        '%%%SMARTY_START%%%',
                        '%%%SMARTY_END%%%'
                    ),
                    array(
                        '&',
                        ';'
                    ),
                    $string
                );
                return $string;
            }
        }
        // no break
    case 'htmlall':
        if (Smarty::$_MBSTRING) {
            // mb_convert_encoding ignores htmlspecialchars()
            if ($_double_encode) {
                // php >=5.3.2 - go native
                $string = htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode);
            } else {
                if ($double_encode) {
                    // php <5.2.3 - only handle double encoding
                    $string = htmlspecialchars($string, ENT_QUOTES, $char_set);
                } else {
                    // php <5.2.3 - prevent double encoding
                    $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string);
                    $string = htmlspecialchars($string, ENT_QUOTES, $char_set);
                    $string =
                        str_replace(
                            array(
                                '%%%SMARTY_START%%%',
                                '%%%SMARTY_END%%%'
                            ),
                            array(
                                '&',
                                ';'
                            ),
                            $string
                        );
                    return $string;
                }
            }
            // htmlentities() won't convert everything, so use mb_convert_encoding
            return mb_convert_encoding($string, 'HTML-ENTITIES', $char_set);
        }
        // no MBString fallback
        if ($_double_encode) {
            return htmlentities($string, ENT_QUOTES, $char_set, $double_encode);
        } else {
            if ($double_encode) {
                return htmlentities($string, ENT_QUOTES, $char_set);
            } else {
                $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string);
                $string = htmlentities($string, ENT_QUOTES, $char_set);
                $string = str_replace(
                    array(
                        '%%%SMARTY_START%%%',
                        '%%%SMARTY_END%%%'
                    ),
                    array(
                        '&',
                        ';'
                    ),
                    $string
                );
                return $string;
            }
        }
        // no break
    case 'url':
        return rawurlencode($string);
    case 'urlpathinfo':
        return str_replace('%2F', '/', rawurlencode($string));
    case 'quotes':
        // escape unescaped single quotes
        return preg_replace("%(?<!\\\\)'%", "\\'", $string);
    case 'hex':
        // escape every byte into hex
        // Note that the UTF-8 encoded character ä will be represented as %c3%a4
        $return = '';
        $_length = strlen($string);
        for ($x = 0; $x < $_length; $x++) {
            $return .= '%' . bin2hex($string[ $x ]);
        }
        return $return;
    case 'hexentity':
        $return = '';
        if (Smarty::$_MBSTRING) {
            if (!$is_loaded_1) {
                if (!is_callable('smarty_mb_to_unicode')) {
                    include_once SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php';
                }
                $is_loaded_1 = true;
            }
            $return = '';
            foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) {
                $return .= '&#x' . strtoupper(dechex($unicode)) . ';';
            }
            return $return;
        }
        // no MBString fallback
        $_length = strlen($string);
        for ($x = 0; $x < $_length; $x++) {
            $return .= '&#x' . bin2hex($string[ $x ]) . ';';
        }
        return $return;
    case 'decentity':
        $return = '';
        if (Smarty::$_MBSTRING) {
            if (!$is_loaded_1) {
                if (!is_callable('smarty_mb_to_unicode')) {
                    include_once SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php';
                }
                $is_loaded_1 = true;
            }
            $return = '';
            foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) {
                $return .= '&#' . $unicode . ';';
            }
            return $return;
        }
        // no MBString fallback
        $_length = strlen($string);
        for ($x = 0; $x < $_length; $x++) {
            $return .= '&#' . ord($string[ $x ]) . ';';
        }
        return $return;
    case 'javascript':
        // escape quotes and backslashes, newlines, etc.
        return strtr(
            $string,
            array(
                    '\\' => '\\\\',
                    "'"  => "\\'",
                    '"'  => '\\"',
                    "\r" => '\\r',
                    "\n" => '\\n',
                    '</' => '<\/'
                )
        );
    case 'mail':
        if (Smarty::$_MBSTRING) {
            if (!$is_loaded_2) {
                if (!is_callable('smarty_mb_str_replace')) {
                    include_once SMARTY_PLUGINS_DIR . 'shared.mb_str_replace.php';
                }
                $is_loaded_2 = true;
            }
            return smarty_mb_str_replace(
                array(
                    '@',
                    '.'
                ),
                array(
                    ' [AT] ',
                    ' [DOT] '
                ),
                $string
            );
        }
        // no MBString fallback
        return str_replace(
            array(
                    '@',
                    '.'
                ),
            array(
                    ' [AT] ',
                    ' [DOT] '
                ),
            $string
        );
    case 'nonstd':
        // escape non-standard chars, such as ms document quotes
        $return = '';
        if (Smarty::$_MBSTRING) {
            if (!$is_loaded_1) {
                if (!is_callable('smarty_mb_to_unicode')) {
                    include_once SMARTY_PLUGINS_DIR . 'shared.mb_unicode.php';
                }
                $is_loaded_1 = true;
            }
            foreach (smarty_mb_to_unicode($string, Smarty::$_CHARSET) as $unicode) {
                if ($unicode >= 126) {
                    $return .= '&#' . $unicode . ';';
                } else {
                    $return .= chr($unicode);
                }
            }
            return $return;
        }
        $_length = strlen($string);
        for ($_i = 0; $_i < $_length; $_i++) {
            $_ord = ord(substr($string, $_i, 1));
            // non-standard char, escape it
            if ($_ord >= 126) {
                $return .= '&#' . $_ord . ';';
            } else {
                $return .= substr($string, $_i, 1);
            }
        }
        return $return;
    default:
        return $string;
    }
}
